The term ‘Industry 4.0’ became publicly known in 2011, when an initiative named “Industrie 4.0” promoted the idea as an approach to strengthening the competitiveness of the German manufacturing industry. Industry 4.0 encompasses some key concepts: Cyber Physical Systems (the integration of computation and physical processes), Internet of Things (IoT) and Internet of Services (to offer services via the internet). The objectives are the OpEx (Operational Expenses) reduction (less maintenance and shutdowns), Process and product innovation and the possibility to switch from fixed to recurrent costs.


iFIX (GE Digital) is an industrial automation system for many applications, ranging from common HMI, as simple as manual data entry and validation, to complex SCADA, such as batch, filtration, and distributed alarm management.

We build advanced analysis algorithms to monitor your data streams to ensure that your system achieve and maintain the better performances over time.

Manufacturing process management (MPM)

Manufacturing Management is a collection of technologies and methods used to define how products are to be manufactured. MPM differs from Enterprise Resource Planning (ERP)/MRP which is used to plan the ordering of materials and other resources, set manufacturing schedules, and track cost data.

Astarte can feed your existing SAP MES, MRP, and Enterprise Resource Planning (ERP) solutions automatically with Real-Time production data.

Astarte is an Open Source full-stack Industry 4.0 solution that takes care of everything, from the embedded device to the Data Analytics and Reporting that can be customized to any customer’s needs:

  • We can develop both custom interfaces and expose personalized APIs: it’s your choice.
  • Astarte can be deployed in private-cloud mode, or on premise. We are agnostic with respect to both the infrastructure provider and embedded device maker.
  • Astarte reads data from distributed devices and send commands on a tiny and reliable communication protocol.
Astarte enhances your business process through IoT, without getting in your way.

Data Integrity

Data Integrity is the maintenance of, and the assurance of the accuracy and consistency of, data over its entire life-cycle. Data Integrity is a fundamental point for any ‘Industry 4.0’ application.

Astarte implements a state of the art secure data transport, making sure every bit of information is always encrypted, authenticated and validated. This way, you can be sure about who’s generating and sending the data, and its integrity.

Astarte’s modular nature makes sure every component is isolated and resilient to failure.



  • Enable new business models

    Astarte enables Hardware as a Service (HaaS) business models by keeping your devices monitored and controlled.

    You can define your metrics for consumption and invoicing strategy straight in your Business Process Model (BPM) or Enterprise Resource Planning (ERP), and let Astarte bind your logic to your field application, to automate the process entirely.

    • Define your workflow and process in your own infrastructure
    • Real time, automated invoicing
    • Real time monitoring of connected devices
    • Device tampering protection
    • Base collector for data analytics
  • Switch to discrete production

    As your business evolves, managing your production assets becomes crucial.

    Astarte can help integrating your enterprise infrastructure with your production plants, allowing your production to be dynamically controlled by your data, be it your incoming orders, predictive analytics, or Business Process Model (BPM) workflows.

    • Feed data to and from your production machines
    • Use your business intelligence to drive production
    • If you rely on an Enterprise Service Bus, use Astarte as the production controller
    • Enhance your warehouse automation
  • Make your Business Process Model (BPM) event driven

    Event driven Business Process Model (BPM) can be further enhanced with Astarte, by having events coming straight from the field.

    Sensors and Gateways can be used to gather data you care about, and Astarte can feed it in real-time to your Business Process Model (BPM), interacting with your process and making your BI adapt to context and events.

    • Integrate any source of data from the field
    • Collect data from commercial gateways: no custom hardware needed
    • Define your processes based on field events and current context
    • Drive your process in real time
    • Integrate with mobile applications for real time notifications to employees


  • How does it work?

    Astarte collects data from any source, and intelligently feeds custom applications, Enterprise Resource Planning (ERP), Workflow automation systems and much more with the data they need, the way they need it.

    Astarte bridges the gap between the data you’re collecting, the data you can collect and your existing logic, enhancing the way your company works by automating your business process and minimising human error.

  • Where does the data come from?

    If you already have your own devices or infrastructure for data collection, Astarte integrates as a thin, non intrusive software layer in your existing architecture, compatible with all major platforms and operating systems.

    If you need to collect data from field sources, Astarte provides Hemera, a dedicated embedded system optimised for security, bandwidth and resource consumption, which can be easily customised, integrated and deployed in your scenario.

  • Where does the data go?

    Astarte can be deployed to a private cloud (Azure, Bluemix, AWS…), on premise or to a set of physical machines. Regardless, your data is always physically isolated and never shared with other parties.

  • Is it secure?

    Astarte implements a state of the art secure data transport, making sure every bit of information is always encrypted, authenticated and validated. This way, you can be sure about who’s generating and sending the data, and its integrity.

    Astarte’s modular nature makes sure every component is isolated and resilient to failure.

  • How is the data used?

    Astarte is designed to integrate with end-users applications. You can either use existing connectors for the most popular Enterprise Resource Planning (ERP), Business Process Model (BPM) and Workflow automation solutions on the market or create custom rich mobile or web applications suited for your use case.

    Astarte acts as a smart agent which collects, processes and distributes data to every end of your infrastructure.

  • Why does it work?

    Astarte is a modular, distributed architecture which builds on top of the most modern technologies and paradigms.

    Astarte’s technology is validated by market leaders in medical, automotive and industrial verticals, who are using it daily to power their products.

  • Who is using it?

    Astarte’s integration capabilities make it completely horizontal to the final application. This is why Astarte is already powering, among others, digital signage solutions, medical devices tracking and monitoring, fleet automation of industrial vehicles and industrial plant automation.

    Astarte does not get in the way of your business: it integrates into your existing process and logic, and strives to automate and enhance it the way you need it.

  • Who builds it?

    Astarte is built by Ispirata, a leading IoT solution provider. Ispirata, located in Italy and born in 2012, is already serving industrial, medical and enterprise market leaders.

    Thanks to the strong background of its founding members, its commitment and investment in technological excellence and its proven track record of deliveries, Ispirata is constantly growing as a global partner of choice for embedded/IoT applications.

A Typical Scenario


Sensors are deployed on an arbitrarily dislocated geographical area and you want to access the data they generate from within your headquarter.


Install a WebServer on each geographic location with its own public IP Address and access it from remote with a web call like


What can go wrong WITHOUT our solution

  • 1. Network issues

    In order to let external agents to connect to your local web-server you need a public fixed IP Address. As you know, this has high maintenance costs when your board is wired. It is almost impossible to have a fixed IP Address when your device is connected through a 3G/4G modem. Some providers like Verizon provide Dynamic DNS services on their devices but this option usually is available just for some specific geographical locations. Alternatively it is possible to use a VPN to reach a wired device with a Managed DNS but this option is costly and complex. Even though future solution based on IPv6 will resolve this problem at the moment is not available a viable and reliable solution for any geographical location and device supplier.


    When you install a Web Server on your remote board, generally is is able to expose a simple HTTP based interface. Unfortunately, HTTP is not the right protocol when you need to read huge quantities of data and you want to remotely control your devices in a super fast way. For this kind of applications, protocols like MQTT are generally suggested since it is possible to save bandwidth (no ASCII, no headers), to have QoS control, to exploit the benefits of a Publish/Subscribe based messaging architecture. MQTT stands for MQ Telemetry Transport. It is a lightweight messaging protocol, designed for low-bandwidth, high-latency or unreliable networks. The design principles are to minimise network bandwidth and device resource requirements. Another option is to use a CoAP protocol: a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. Like HTTP, CoAP is based on the REST model: Servers make resources available under a URL. CoAP has been designed to work with billions of inexpensive nodes with microcontrollers with as low as 10KB of RAM and 100KB of code space. Astarte can use both MQTT and CoAP protocols or any other protocol suitable for the specific application.

    Network Topology

    Your devices are dislocated around the world and you actually do not know anything about the topology of the network they are connected to. Are they behind a NAT? Are they routed through unreliable hops? Are they reachable from another internet connected device? In order to solve all this issues, the web server does not have to be on the device itself but the device has to be the agent able to connect to a centralized remote and secure system.

  • 2. Security is a non-trivial task

    Device Installation:

    As said, your devices will be installed around the world. Who manages the installation & authorization procedure? How? Can you guarantee confidentiality of the data sent & received? Your infrastructure needs to authenticate and verify the identity of your technicians in order to maintain high levels of security. Certification procedures and a secure credential management system are key points that cannot be neglected.

    Periodic Maintenance of the DEVICE

    Your device has some pieces of software on it that implement some smart functionality and your software needs to be updated regularly in order to introduce new features or to correct existing bugs or, at worst, to correct security issues. In fact, what if new exploits are discovered for your stack installed on your device base? You definitely need the possibility to easily update and maintain your device from a centralized and secure remote interface.

    Periodic Maintenance of the CLOUD

    Also your central server needs maintained to be secure over the time. How frequently are you auditing your system? How frequently are you maintaining your server IT infrastructure? Are you mitigating security issues? How? All these operations have high costs are distract you what’s matter: your business operations.

  • 3. Pull vs Push Systems

    Pull System

    Installing a single web-service on every device (pull system) you have, you need to take care of maintaining an accurate list of web server device, their addresses, passwords, and so on and so forth. What if you need to have an aggregate information like “give me the list of devices that had the temperature over 50°C in the last three month?”. You cannot, since you can only read information from one device per time. Aggregation and analysis of data is a complex operation and required a complex platform to be correctly afforded, but a pull based system cannot be able to do it.

    Push System

    On the other hand, if you have a push system where every distributed device is able to send data to a remote secure server infrastructure, you only need a device to be authorized to collect data and to send them to the centralized site, only when some useful data is collected. In this situation, aggregation and analysis on aggregate are easy tasks to do with a push system. Complex queries are now an easy task to be performed.

Use Cases

  • Biomedical device for skin treatments

    Astarte has been employed for monitoring and remote diagnostics of biomedical devices, and for the transformation of the business model from the sale of the hardware biomedical devices to a pay-per-use service.



    The customer is acquired in the middle of a transition, where you need to update thousands of machines in the field, and design new devices with new hardware on board. Currently, the customer has already provided a system for diagnostics and sale of treatments.


    Current problems:

    • The system does not communicate bidirectionally.
    • It is not possible to determine effectively whether a device is online or not.
    • Because of the poor security of the system, it is not possible to identify whether a device has undergone tampering or not.
    • Because of the inadequacy of the protocols used, the customer is forced to cut the data history because of the enormous amount of data transferred
    • As a direct consequence, the cost of hosting and maintenance of the service are beyond expectation.

    Thanks to Astarte, the software update of the devices and the adjustment of the remote service go hand in hand to solve the problems encountered. It is in fact necessary to change on both sides of the chain to achieve the desired results. During a transition period of few months, it has been possible to implement a backwards compatible system that has led to a progressive reduction of costs, adding additional features (eg .: software updates via WiFi) and resolution of all problems encountered .

  • Automation of a Production Plant

    Astarte is used to integrate the data coming from the production machines to automate the assembly line. The integration of the data from the production line with the company's Enterprise Resource Planning (ERP) allows the customer to integrate the process data with the incoming orders and shipping, automating the inventory management and the production process.



    The customer is acquired following a request to automate the supply chain. At the time of the request, the process is composed of processing of raw material which passes through about 10 different machines. These machines are not interconnected, the data to be acquired is in large part ignored and the whole chain requires a constant human intervention to trace the batch of production and bring the process to finish.


    The customer has the following requirements:

    • The scalability of the production must be minimally dependent on the man power of the plant.
    • Because of customer demand, the production batch must be meticulously tracked and have a historic data as large as possible.
    • The data generated by the machines must be connected automatically to the production batch.
    • However, for some parts of the chain where human intervention is necessary, it must be possible to do manual data entry.
    • In the event of a fault or error, an operator must be immediately notified
    • The company management must contain a subset of information related to the initial batch, intermediate and finished products, and automatically associate them with richer information.
    • You can not connect the system to an external network due to company policy.

    Thanks to Astarte, a fully on-premise system has been implemented that combines a set of gateways, industrial handhelds, a mobile application and BLE tags to achieve the goal. Each batch is individually identified by its tag, and followed by the gateways and sensors in each step of the production. Via handheld devices, operators can perform manual data entry, review the process at any stage, and they are notified of any problems via a custom mobile application.

    The Astarte system implements an SAP connector, through which there are made custom transactions when necessary. In addition, a minimum subset of data is pushed to other servers to be used remotely (eg .: identification of fault).

    With this system, the customer has significantly reduced the human intervention throughout the chain, increasing its production capacity, and is now able to handle properly and automatically documentation and reports for each finished product, with a substantial amount of time saved.

  • Digital Signage

    Astarte is used in this context as the technology behind the software that controls both the schedule is the health of the individual machines. The advantages of adopting Astarte include significantly reduced maintenance costs, remote control even in low bandwidth and high latency situations and removes the need for large part of human intervention.



    The customer is acquired through the system integrator that follows the production and implementation of resident cards installed in totems at the stations. At the moment of the request, the customer has obsolete and inadequate technologies for the implementation of a remote controlled and distributed system, that prevent them from realizing the system proposed.


    The customer has the following requirements:

    • The system must be able to control the health and schedule of thousands of devices in a secure way, not linked to internet.
    • However, the customer is interested in the system integrator and that they can change the schedule remotely, to avoid the inspection of an operator or manual intervention for each station
    • The system must be able to independently solve the main problems, promptly notify the faults and ensure that the monitors are turned on pretty much always.

    Thanks to Astarte, it was possible to implement a dashboard for the system integrator for the overall control of all installed stations. On the board monitor, the Astarte software has managed to increase uptime, from 75% to 95%, and to produce the best performances in terms of graphics.

Full Stack

Astarte Industrial IoT Architecture

Astarte is designed from the ground up for complete integration: it does not aim at feeding you with more tools, but to enhance your existing ones.

Astarte is also built with security, reliability and resource optimisation in mind, as proven by our current customer base.

  • Don’t adopt yet another frontend: augment your own
  • One does it all solution for IoT integration in your infrastructure (cloud/on premise)
  • Security-driven approach to device connectivity
  • A complete solution for both Gateways and remote infrastructure

Astarte works and integrates with major cloud providers, and can also be deployed on premise or even on small gateways, depending on the use case.

Astarte’s middleware can be distributed on major embedded and mobile OS, or you can interact with and feed data to Astarte through standard IoT protocols.

Astarte Industry 4.0 Gateway

The Gateway approach

A Gateway makes it possible to connect a non-IoT local device network to a cloud/ on-premise infrastructure such as Astarte.

Having an intermediate entity allows for solving a number of issues on the data transport end in terms of security, compatibility and reliability. Moreover, the device can also talk with a legacy, non-IP protocol.

Astarte Gateway packs in all you need to connect your device networks to the IoT and your business logic. It’s a standalone solution which can be installed right away and can integrate with potentially any field protocol your hardware supports.

  • Integrate any field protocol (e.g.: CANBus) on the Gateway’s end
  • Use Astarte’s Data connectors to deliver data securely to your Business Logic/ERP/Analytics
  • Monitor all your devices
  • Take advantage of hardened security
  • Integrate with Distributed Computing/Fog solutions
  • No code needed: install the gateway, and start collecting data.

Astarte Gateway comes preinstalled on a number of devices of our partners, which belong to three categories. Or you can make your own. Choose what fits your use case best.

Embedded Boards

Astarte Industry 4.0 Gateway Embedded Boards
  • Cost-efficient
  • Custom field protocols
  • Limited computing capabilities

Industrial Gateways

Astarte Industry 4.0 Industrial Gateways
  • Vast choice of connectivity options
  • Local computing capability
  • Support for industrial buses

Local Servers

Astarte Industry 4.0 Gateway Local Servers
  • Great for existing local installations
  • Can be deployed as a container
  • Integrate existing components
Industrial IoT Infrastructure


Astarte joined with a gateway stack assumes many gateways installed on the field collecting data from unstructured sources. Each source can be defined as an extension to Astarte (Hemera’s) local collection infrastructure.

The gateway connects to a remote endpoint which takes care of routing the data.

The gateway running Hemera is configured according to the way data sources should be collected and transferred to the final endpoint.

Data sources to/from sensors or machines are driven by custom applications or by configuring pre-made connectors, depending on the transfer protocol.

Internally, Hyperspace contains the logic for pairing with the Astarte transport and configuring the way data is sent. The lower end of data collection is as verbose as possible, whereas rate limiting and other processing are done at Hyperspace’s level.

Hyperspace infrastructure

Hyperspace infrastructure

Hyperspace works with an out-of-process infrastructure which allows data to be collected from independent processes, and routed through multiple transports.

Applications or connectors can hook into the main engine (hyperdrive) and take advantage of data routing.

Astarte uses a multi-protocol data transport, mainly built around HTTPS and MQTT(S). Depending on the use case, Hyperspace selects the best protocol and performs local caching to deliver data when connectivity becomes available, depending on the defined policies.

Data can be transferred either as “critical” or standard, the first being a mechanism in which data is ensured to be delivered at the expense of bandwidth, the latter being more conservative in terms of bandwidth, with the possibility of losing data.

Connection mechanisms (such as Ethernet) can be configured to upgrade all data to “critical” when no bandwidth constraints are in place.

Security Model

Security Model

Astarte’s security model is built around a pairing mechanism which guarantees both security and authenticity of the message and the sender.

Every Astarte appliance is configured to have two private CAs (Certificate Authority) to authenticate the appliance and the device.

The Gateway, when delivered, is loaded with a private certificate. When possible, this certificate is stored in dedicated hardware chips.

This certificate identifies the gateway as part of a specific deployment, and allows the gateway to pair.

Each Gateway is then identified with an unique ID, which is hardware-dependent.

Upon startup, the Device generates a certificate with its own ID. It then prompts the server, through a mutual-authentication HTTPS request, to sign such a certificate with the device-specific CA. Once this is done, the device is allowed to connect to the actual data transport with its own certificate, which identifies it univocally.

No private keys are transferred.

Server Stack

The Server Stack

Astarte’s server stack is built on top of Docker and Java/Spring, to ensure full modularity and making component replacement easy.

An internal broker orchestrates components and connectors to make sure data routing happens correctly.

The logic for device communication and internal communication is entirely separated in two different brokerage mechanisms, to make sure any policy conflicts or issues in the upper stack do not compromise device security.

Angelia, the routing core, takes care of delivering data coming from devices to external applications through a set of connectors.

When data is gathered through the transport Pulsar receives a secure and authenticated payload. This is then serialised and delivered to Angelia’s broker, which in turns delivers data to Connectors. Such connectors can either use direct broker connection (through RabbitMQ) or use REST APIs provided by Angelia itself.

The Full-Stack is created in a collaboration between the following partners.

Astarte partners